#!/bin/bash
# Description: one-step installer for an FTP (vsftpd) server
# Author: 冬海

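# Make sure wget is available; install it through yum when it is missing.
if ! command -v wget &> /dev/null; then
    yum -y install wget
fi

# Install the FTP daemon and the Berkeley DB tools (db_load is used further
# down to build the virtual-user login database).
# yum's exit status is tested directly so that a failed installation really
# stops the script, and the script exits non-zero so a caller can detect it.
if ! yum install vsftpd libdb-utils -y; then
    echo "安装失败，请检查服务器网络连接是否正常！" >&2
    exit 1
fi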

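# Directory that holds one override file per virtual FTP user
# (referenced by user_config_dir in vsftpd.conf below).
mkdir -p /etc/vsftpd/user_conf/

# Main vsftpd configuration: anonymous access off, every login mapped to the
# unprivileged local account "virtual" (guest_enable/guest_username) and
# authenticated through the PAM service "vsftpd.vu".
# The heredoc delimiter is quoted so the content is written literally, and the
# stray trailing blank after pasv_min_port has been removed.
# NOTE(review): this configuration does not set ssl_enable, so logins and
# transfers travel unencrypted; enabling TLS needs a certificate, which this
# script does not provision.
# NOTE(review): allow_writeable_chroot=YES turns off vsftpd's refusal to chroot
# into a directory the user can write to; a read-only chroot root with a
# writable sub-directory is the stricter layout.
cat <<'EOF' >/etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_enable=YES
chroot_local_user=YES
listen=YES
pam_service_name=vsftpd.vu
guest_enable=YES
guest_username=virtual
user_config_dir=/etc/vsftpd/user_conf
ftpd_banner=Welcome to FTP service
allow_writeable_chroot=YES
max_clients=300
max_per_ip=10
use_localtime=YES
pasv_enable=YES
pasv_min_port=30000
pasv_max_port=35000
EOF

# PAM service used by vsftpd: both auth and account are checked against the
# Berkeley DB at /etc/vsftpd/vsftpd_login (pam_userdb is given the path without
# the .db suffix; the .db file itself is generated later in this script).
# NOTE(review): the module path is hard-coded to /lib64/security, so this
# assumes a 64-bit RHEL/CentOS-style layout.
cat <<'EOF' >/etc/pam.d/vsftpd.vu
auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
EOF

# SELinux configuration.
# NOTE(review): this overwrites /etc/selinux/config and disables SELinux for
# the whole host, which removes mandatory access control from every service,
# not just vsftpd. Keeping SELinux enforcing and granting vsftpd only the
# access it needs (the ftpd_* SELinux booleans and a file context on the FTP
# directory) is the safer design; behaviour is left as the author wrote it
# because the rest of the setup has only been written for the disabled case.
cat <<'EOF' >/etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted
EOF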

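# Per-user override template: virtual users are treated by vsftpd as
# anonymous-class users, so the anon_* options are what grant them upload,
# mkdir and other write permissions.
cat <<'EOF' >/etc/vsftpd/user_conf/default
anon_world_readable_only=NO
anon_umask=022
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
allow_writeable_chroot=YES
EOF

# The initial FTP user "donghai" gets a copy of the template.
cp /etc/vsftpd/user_conf/default /etc/vsftpd/user_conf/donghai

# Ask for the initial user's password instead of shipping a fixed, guessable
# one. Input is not echoed (-s); an empty password is refused, and a failed
# read (for example a closed stdin) aborts instead of looping forever.
ftp_password=
while [ -z "$ftp_password" ]; do
    if ! IFS= read -r -s -p "请输入FTP用户donghai的密码:" ftp_password; then
        echo >&2
        echo "未能读取密码，安装中止！" >&2
        exit 1
    fi
    echo
done

# Plain-text source for db_load: alternating lines of user name and password.
# The file is recreated under a restrictive umask so it is never readable by
# other accounts, not even briefly.
rm -f /etc/vsftpd/vsftpd_user.txt
(
    umask 077
    printf '%s\n' "donghai" "$ftp_password" >/etc/vsftpd/vsftpd_user.txt
)
unset ftp_password

# Unprivileged local account that every virtual FTP login is mapped to; it has
# no login shell. Skipped when the account already exists so the script can be
# run again.
if ! id -u virtual &> /dev/null; then
    useradd -s /sbin/nologin -d /home/ftp virtual
fi

# Build the login database that the vsftpd.vu PAM service reads.
if ! db_load -T -t hash -f /etc/vsftpd/vsftpd_user.txt /etc/vsftpd/vsftpd_login.db; then
    echo "生成FTP用户数据库失败！" >&2
    exit 1
fi

# Both files contain the passwords in clear text, so keep them root-only.
# NOTE(review): the text file is kept because the add_ftp_user and
# delete_ftp_user helpers may depend on it; if they do not, delete it here.
chmod 600 /etc/vsftpd/vsftpd_user.txt /etc/vsftpd/vsftpd_login.db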

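# Ask for the global FTP root directory and record it as local_root.
read -r -p "请输入全局ftp默认目录:" ftp_dir

# The value is used for mkdir/chown and written into vsftpd.conf, so refuse
# anything that is empty, relative, or the filesystem root (chown-ing "/" to
# the FTP account would hand it the top of the filesystem).
case "$ftp_dir" in
    / | "")
        echo "FTP目录必须是绝对路径，且不能是根目录！" >&2
        exit 1
        ;;
    /*) ;;
    *)
        echo "FTP目录必须是绝对路径，且不能是根目录！" >&2
        exit 1
        ;;
esac

# "--" keeps a value that starts with "-" from being parsed as an option.
mkdir -p -- "$ftp_dir"
chown virtual -- "$ftp_dir"

# printf with a fixed format writes the path literally into the configuration.
printf 'local_root=%s\n' "$ftp_dir" >>/etc/vsftpd/vsftpd.conf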

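# Load the FTP NAT helper kernel module.
modprobe ip_nat_ftp

# Open the FTP control port and the passive data range configured in
# vsftpd.conf (pasv_min_port/pasv_max_port). FTP control and data connections
# are TCP only, so the UDP range is not opened: it would only add exposed
# ports that vsftpd never listens on.
firewall-cmd --zone=public --add-port=21/tcp --permanent
firewall-cmd --zone=public --add-port=30000-35000/tcp --permanent
firewall-cmd --reload
systemctl restart firewalld

# Install the user-management helpers that ship next to this script. They are
# looked up relative to the script's own location rather than the caller's
# working directory, and installed with an explicit 0755 mode. A missing helper
# is reported and skipped so the remaining steps still run.
script_dir=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)
for helper in add_ftp_user delete_ftp_user; do
    if [ -f "$script_dir/$helper" ]; then
        install -m 0755 -- "$script_dir/$helper" "/bin/$helper"
    else
        echo "未找到 $helper，已跳过安装！" >&2
    fi
done

# Start vsftpd automatically at boot.
systemctl enable vsftpd.service

# Reboot once deployment is finished.
# NOTE(review): this reboots the host immediately and without confirmation;
# presumably it is what makes the /etc/selinux/config change take effect.
init 6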





